Cyber Resilience

CVE-2026-44798

Severity: High
Published: 28 May 2026
Modified: 28 May 2026
KEV Added: not listed in CISA KEV
CVSS v3.1 Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
EPSS Score: 0.0028 (19.3rd percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-44798 is a high-severity Modification of Assumed-Immutable Data (MAID, CWE-471) vulnerability in Networktocode Nautobot. Its CVSS v3.1 base score is 7.1 (High).

Operationally, its EPSS score ranks at the 19.3rd percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.


Vulnerability details

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2.

CWE(s): CWE-471 (Modification of Assumed-Immutable Data), CWE-749 (Exposed Dangerous Method or Function)


MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

Insufficient information to map techniques.
Confidence: LOW (MITRE ATT&CK Enterprise v18.1)

CVEs Like This One

CVE-2026-44797 (same product: Networktocode Nautobot)
CVE-2026-4051 (shared CWE-749)
CVE-2025-14713 (shared CWE-749)
CVE-2025-47366 (shared CWE-749)
CVE-2025-53964 (shared CWE-749)
CVE-2024-12651 (shared CWE-749)
CVE-2026-30957 (shared CWE-749)
CVE-2024-13242 (shared CWE-749)
CVE-2025-59403 (shared CWE-749)
CVE-2026-35488 (shared CWE-749)

Affected Assets

Vendor: networktocode
Product: nautobot
Versions: ≤ 2.4.33, and 3.0.0 to 3.1.2

Mitigating Controls

Likely Mitigating Controls (AI-generated mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-749: Explicitly prohibiting dangerous or unnecessary functions and services prevents exposure of methods that could be directly exploited.

Addresses CWE-749: Minimal functionality removes or avoids exposure of dangerous methods and functions.

Addresses CWE-471: Checksums and integrity protection during transformation/packing detect unauthorized modification of data assumed to be immutable before it is transmitted.
